Conformity assessment deal links UK, EU firms to open digital ID market access
In a move to enable easier access to EU and UK markets for digital identity firms, two of the largest providers of conformity assessment in the sector have signed a mutual recognition and respect deal. An email release from the Age Check Certification Scheme says the deal links Manchester, UK-based Digital Identity Systems Certification (run by AVID Certification Services Ltd) – a provider of conformity assessment under the UK’s Digital ID and Attributes Trust Framework (DIATF) – and Madrid-headquartered Certeidas, a provider of conformity assessment under the Electronic Identification and Trust Services (eIDAS).
The cooperation means that EU-based ID service providers (IDSPs) will be able to apply for UK trust framework certification with “a simple top-up of their existing eIDAS certification.” Likewise, IDSPs certified under the UK DIATF will be able to apply for eIDAS certification – “including the components of a Qualified Trust Services for the new EU Digital ID (EUDI) wallet.”
“Clients in the UK and in the EU want to work collaboratively to access each other’s markets in new and innovative ways following the UK’s exit from the EU,” says Paloma Llaneza, eIDAS and eID scheme manager for the CerteIDAS service in Spain. “However, it can be expensive to apply for multiple certifications to different schemes, so we have been keen to work with a UK-based conformity assessment body to achieve this mutual recognition based on control mapping.”
Per Tony Allen, CEO of the DISC service in the UK, “with a mutual recognition and respect agreement for the certification activities of each other, we can accept the equivalent certification and testing carried out by other suitably qualified and accredited auditors.”
This is possible, in part, because of overlap in the standards. The release specifies that the UK DIATF and ETSI TS 119 461 – the latter of which sets the standards underpinning policy and security requirements for trust service components providing identity proofing of trust service subjects in the EU – are “tailored to different regulatory environments and scopes meaning that there is no automatic like-for-like recognition between the two frameworks.” Yet there is enough crossover that a mutual recognition and respect agreement makes sense, in order to “smooth the process for UK DIATF clients to enter the EU market” as the EU rolls out the EUDI wallet scheme.
“Both frameworks aim to establish a trustworthy, secure, and standardized approach to digital identity proofing and management,” says the release. Both emphasize the importance of robust security measures to protect sensitive identity information, and set out compliance requirements for entities that provide identity verification services. And both “stress the importance of user control and transparency.”
The differences, meanwhile, concern tailoring regulations for specific contexts. And while the EU framework is more technical, DIATF “provides a comprehensive approach that includes guidance on technical implementation but is more focused on the broader aspects of identity services, including user experience and data privacy.”
The UK government has an online list of approved conformance assessment bodies for DIATF certification.
UK framework needs stronger grounding in law, says Digidentity CTO
In an article in Business Reporter, Digitentity’s Marcel Wendt provides another angle on the UK/EU trust framework comparison. Wendt says the UK’s trustmark scheme, as defined by the upcoming Identity Verification Services Bill and its broader parent, the Digital Information and Smart Data Bill (DISD), “represents a considerable advancement.” But the UK still lags behind the EU, where the success of eIDAS “lies in its standardized approach to digital identities, which has streamlined cross-border transactions and administrative processes.”
If the UK is to catch up to its EU counterparts, it needs to establish robust regulatory frameworks and significant public trust, built in part on a stronger legal foundation. Improved administrative efficiency will have a noticeable impact. But the benefits of digital ID to UK businesses, Wendt says, are about more than just efficiency. “They build a crucial element of the UK’s broader goal to modernize digital infrastructure and catch up with other international standards.”
On top of that, as both online transactions and digital fraud numbers balloon, digital ID features such as advanced encryption, biometric verification and multi-factor authentication add security for users.
Which is to say, the value of implementing digital ID in the UK is clear. The regulatory waters, however, could still get a bit clearer.
Article Topics
AVID Certification Services | Certeidas | certification | DIATF certification | Digidentity | digital identity | eIDAS | EU | identity verification | Spain | UK
Comments